{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23302", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.993Z", "datePublished": "2026-03-25T10:26:57.470Z", "dateUpdated": "2026-03-25T10:26:57.470Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:57.470Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate data-races around sk->sk_{data_ready,write_space}\n\nskmsg (and probably other layers) are changing these pointers\nwhile other cpus might read them concurrently.\n\nAdd corresponding READ_ONCE()/WRITE_ONCE() annotations\nfor UDP, TCP and AF_UNIX."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/skmsg.c", "net/ipv4/tcp.c", "net/ipv4/tcp_bpf.c", "net/ipv4/tcp_input.c", "net/ipv4/tcp_minisocks.c", "net/ipv4/udp.c", "net/ipv4/udp_bpf.c", "net/unix/af_unix.c"], "versions": [{"version": "604326b41a6fb9b4a78b6179335decee0365cd8c", "lessThan": "f17c1c4acbe2bd702abce73a847a04a196fab2c5", "status": "affected", "versionType": "git"}, {"version": "604326b41a6fb9b4a78b6179335decee0365cd8c", "lessThan": "27fccdbcbbfc4651b6f66756e6fa3f52e051ec23", "status": "affected", "versionType": "git"}, {"version": "604326b41a6fb9b4a78b6179335decee0365cd8c", "lessThan": "2ef2b20cf4e04ac8a6ba68493f8780776ff84300", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/skmsg.c", "net/ipv4/tcp.c", "net/ipv4/tcp_bpf.c", "net/ipv4/tcp_input.c", "net/ipv4/tcp_minisocks.c", "net/ipv4/udp.c", "net/ipv4/udp_bpf.c", "net/unix/af_unix.c"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5"}, {"url": "https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23"}, {"url": "https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300"}], "title": "net: annotate data-races around sk->sk_{data_ready,write_space}", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate data-races around sk->sk_{data_ready,write_space}\n\nskmsg (and probably other layers) are changing these pointers\nwhile other cpus might read them concurrently.\n\nAdd corresponding READ_ONCE()/WRITE_ONCE() annotations\nfor UDP, TCP and AF_UNIX."}], "id": "CVE-2026-23302", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:25.923", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: annotate data-races around sk->sk_{data_ready,write_space}", "id": "2451200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451200"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-366", "details": ["A flaw was found in the Linux kernel. This vulnerability involves data races within the networking subsystem, specifically related to how network socket pointers are handled concurrently by multiple central processing units (CPUs). Without proper synchronization, this concurrent access can lead to unpredictable system behavior."], "name": "CVE-2026-23302", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23302\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23302\nhttps://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23302-e03d@gregkh/T"], "statement": "This is a theoretical data race in socket callback pointer handling (sk_data_ready, sk_write_space) for UDP, TCP, and AF_UNIX sockets. The fix adds READ_ONCE()/WRITE_ONCE() annotations to ensure proper memory ordering. While technically a data race, no practical security impact or crash has been demonstrated; this is primarily a correctness fix for concurrent access patterns.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[604326b41a6fb9b4a78b6179335decee0365cd8c,f17c1c4acbe2bd702abce73a847a04a196fab2c5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[604326b41a6fb9b4a78b6179335decee0365cd8c,27fccdbcbbfc4651b6f66756e6fa3f52e051ec23)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[604326b41a6fb9b4a78b6179335decee0365cd8c,2ef2b20cf4e04ac8a6ba68493f8780776ff84300)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.20"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,4.20)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T05:06:59.598272+00:00", "value": {"mitigation_remediation": ["Verify the current kernel version and check if the commit adding READ_ONCE()/WRITE_ONCE() annotations for sk->sk_{data_ready,write_space} is present.", "Update the kernel to a version that includes the patch by installing a newer kernel package from the distribution\u2019s official repository or, if building from source, apply the upstream commit and rebuild.", "Reboot the system to load the patched kernel image.", "After reboot, confirm that the kernel\u2019s build identifier or commit hash reflects the inclusion of the patch.", "Continue to monitor vendor security advisories for additional updates or related vulnerabilities."], "summary": {"action": "Patch", "impact": "Data Race in Kernel Networking"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that lack the commit adding READ_ONCE()/WRITE_ONCE() annotations for sk->sk_data_ready and sk->sk_write_space are affected. This includes the networking code for UDP, TCP, and AF_UNIX. Vendor kernels such as the official Linux distribution images are impacted until the patch is incorporated.", "description_and_impact": "The vulnerability involves a data race between the reading and writing of the sk->sk_data_ready and sk->sk_write_space fields in the Linux kernel networking subsystem. These fields can be modified by one CPU while another CPU reads them concurrently, potentially leading to inconsistencies in network behavior.", "risk_and_exploitability": "The CVSS score of 3.3 indicates low severity, and the EPSS score below 1\u202f% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require a local race condition between CPUs and no publicly available exploit techniques are documented, so the overall risk is modest pending application of the patch."}}}}, "created": "2026-03-25T21:15:28.426438+00:00", "updated": "2026-03-26T12:16:54.275610+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}